adelorenzo/kilo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

pkg/k8s/apis/kilo/v1alpha1/types.go: add public key validation

Browse Source 
Signed-off-by: leonnicolas <leonloechner@gmx.de>
This commit is contained in:
leonnicolas
2021-04-30 21:56:50 +02:00
parent 166094b5ad
commit 64ea86436f
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/k8s/apis/kilo/v1alpha1/types.go
View File

@@ -15,6 +15,7 @@
package v1alpha1
import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
@@ -133,7 +134,7 @@ func (p *Peer) Copy() *Peer {
func (p *Peer) Validate() error {
for _, ip := range p.Spec.AllowedIPs {
if _, n, err := net.ParseCIDR(ip); err != nil {
return fmt.Errorf("failed to parse %q as a valid IP address: %v", ip, err)
return fmt.Errorf("failed to parse %q as a valid IP address: %w", ip, err)
} else if n == nil {
return fmt.Errorf("got invalid IP address for %q", ip)
}
@@ -157,8 +158,11 @@ func (p *Peer) Validate() error {
if p.Spec.PersistentKeepalive < 0 {
return fmt.Errorf("persistent keepalive must be greater than or equal to zero; got %q", p.Spec.PersistentKeepalive)
}
if len(p.Spec.PublicKey) == 0 {
return errors.New("public keys cannot be empty")
if b, err := base64.StdEncoding.DecodeString(p.Spec.PublicKey); err != nil {
return fmt.Errorf("WireGuard public key is not base64 encoded: %w", err)
// Since WireGuard is using Curve25519 for the key exchange, the key length of 256 bits should not change in the near future.
} else if len(b) != 32 {
return errors.New("WireGuard public key has invalid length")
}
return nil
}